

Vulnerability protection

Microsoft Office, Windows, .NET Framework, and Silverlight combined security update


Report ID: MS201205006
Date Published: 9 May 2012

Criticality: Critical
Compromise Type: remote-code-execution denial-of-service privilege-escalation
Compromise From: remote local-system


Affected Product/Component:

Windows XP
Windows Server 2003
Windows Vista
Windows Server 2008
Windows 7
Microsoft Server 2008 R2
Microsoft .NET Framework 3.0
Microsoft .NET Framework 3.5.1
Microsoft .NET Framework 4
Microsoft Office 2003
Microsoft Office 2007
Microsoft Office 2010
Microsoft Silverlight 4
Microsoft Silverlight 5




Summary

A combined security update for Microsoft Office, Windows, .NET Framework, and Silverlight has been released to address multiple vulnerabilities that could lead to remote code execution, denial of service attack, or escalation of privilege.



Detailed Description

Microsoft has released a combined security update to resolve multiple vulnerabilities that were reported in Microsoft Office, Windows, .NET Framework, and Silverlight.

Six remote code execution vulnerabilities were reported in those products: two involve TrueType font files, one involves .NET Framework, two involve Office GDI+, and one involves Silverlight.

There is one denial of service vulnerability in .NET Framework. It was caused by improper comparison of the value of an index within a Windows Presentation Foundation (WPF) application.

Finally, there are three escalation of privilege vulnerabilities that could allow an attacker to execute code in kernel mode. To exploit these three vulnerabilities, the attacker must first log on to the local system and run a specially crafted application.

All of these vulnerabilities have been resolved by the combined security update, which introduces the necessary changes and modifications to the vulnerable components. Users are advised to install this latest update as a protective measure against potential exploit attempts.



CVE Reference

CVE-2011-3402
CVE-2012-0159
CVE-2012-0162
CVE-2012-0164
CVE-2012-0165
CVE-2012-0167
CVE-2012-0176
CVE-2012-0180
CVE-2012-0181
CVE-2012-0848



Solution

Install the latest security patch for the applicable system, available for download from https://technet.microsoft.com/en-us/security/bulletin/ms12-034


